Pull falco chart from helm/charts #1

Merged
merged 51 commits into from
May 18, 2020
nibalizer
Contributor

This pulls in the falco helm chart from the charts repo under helm. Helm has asked maintainers to take these steps.

Add 'falco/' from commit '5ef70d45258bb36cba453065427e8c6a6284c90f'

Commands run:

(from helm/charts)
git subtree split --prefix stable/falco/
git co <resulting sha>
git co -b falco_split

(from falcosecurity/charts)
git subtree add --prefix falco ../charts falco_split

git-subtree-dir: falco
git-subtree-mainline: 26466a22e5640cbd559aa7f87882d729191105cc
git-subtree-split: 5ef70d45258bb36cba453065427e8c6a6284c90f
Signed-off-by: Spencer Krum <[email protected]>

nestorsalceda and others added 30 commits July 3, 2018 20:38
* [stable/falco] Add Falco chart

* Fix indentation and other stuff reported by CI

* Add appVersion to Chart.yaml

* Specify container resources

* Allow to load external Falco rules

* Move GCSCC integrations to a top level integrations section

We can correlate falco.* keys for falco related settings, and refer to them
in the Falco Wiki

* Rename deployment to fakeEventGenerator

First one is too generic

* Add OWNERS file

* Separate rbac and serviceAccount

Follow RBAC best practices: https://github.com/kubernetes/helm/blob/master/docs/chart_best_practices/rbac.md

* Use falco.serviceAccount name template for cluster role binding

* Fixes required from reviewer

* Allow passing rules in an external file instead of editing configMap by hand

* Remove quotes from Chart version

I'm not sure if this breaks the lint stage in CircleCI

* Update Chart.yaml
* [stable/falco] Fix some small typos

Fix some small typos

* Add version 0.1.1

Add version 0.1.1
* Update value of bufferedOutputs in configmap documentation

* Add NATS output integration for Sysdig Falco

* Add a change log
* Add eBPF support for Falco in Helm Chart

* Add more fine-grained settings for eBPF stuff
* Add Amazon SNS integration

This allows Falco to publish alerts to a SNS topic

Signed-off-by: Néstor Salceda <[email protected]>

* Fix build and add entry to the CHANGELOG

Signed-off-by: Néstor Salceda <[email protected]>
* use version 0.13.0 instead of latest

Signed-off-by: cpanato <[email protected]>

* update changelog

Signed-off-by: cpanato <[email protected]>
* update correct example

Signed-off-by: Daniel BERUBEN <[email protected]>

* Signed-off-by: Daniel BERUBEN <[email protected]>

* bump chart version

Signed-off-by: Daniel BERUBEN <[email protected]>

* update CHANGELOG

Signed-off-by: Daniel BERUBEN <[email protected]>

* update space

Signed-off-by: Daniel BERUBEN <[email protected]>

* remove space

Signed-off-by: Daniel BERUBEN <[email protected]>

* space

Signed-off-by: Daniel BERUBEN <[email protected]>

* Upgrade to Falco 0.14.0

Signed-off-by: Néstor Salceda <[email protected]>

* Enable eBPF by default on Falco builds

Signed-off-by: Néstor Salceda <[email protected]>

* Allow to specify images from different registries than `docker.io`

Signed-off-by: Néstor Salceda <[email protected]>

* Upgrade Chart version to a minor one because eBPF default value

Signed-off-by: Néstor Salceda <[email protected]>

* Use RollingUpgrade strategy by default

Signed-off-by: Néstor Salceda <[email protected]>

* Provide sane defaults for resources

Signed-off-by: Néstor Salceda <[email protected]>

* Update CHANGELOG entries

Signed-off-by: Néstor Salceda <[email protected]>

* Add minor / major categorization to changelog

Signed-off-by: Néstor Salceda <[email protected]>
* Disable ebpf by default

This reverts the change made on 0.6.0

Signed-off-by: Néstor Salceda <[email protected]>

* Specify in CHANGELOG that we are reverting the previous change.

The vast majority of our users are using the kernel module approach and
we can cause some troubles with this change.

Signed-off-by: Néstor Salceda <[email protected]>

* Explain WHY we activated the ebpf module by default

Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Add GCloud PubSub integration

* Add GCloud PubSub integration

This allows Falco to publish alerts to a PubSub topic

Signed-off-by: Federico Barcelona <[email protected]>

* [stable/falco] Fix values to follow naming conventions

Signed-off-by: Federico Barcelona <[email protected]>

* [stable/falco] Changes requested in the PR

- Follow naming conventions
- Use only one secret instead of two different ones

Signed-off-by: Federico Barcelona <[email protected]>
Instead of hardcoding or relying on DNS, use this method.

Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] make the container runtime socket configurable

Co-authored-by: Leonardo Di Donato <[email protected]>
Signed-off-by: Lorenzo Fontana <[email protected]>

* [stable/falco]: update to falco 0.15.0 with cri-o and containerd support

Signed-off-by: Lorenzo Fontana <[email protected]>

Co-Authored-By: Leonardo Di Donato <[email protected]>
Signed-off-by: Lorenzo Fontana <[email protected]>

* [stable/falco]: update changelog

Signed-off-by: Lorenzo Fontana <[email protected]>

Co-Authored-By: Leonardo Di Donato <[email protected]>

* [stable/falco]: bump chart release to 0.7.6

Signed-off-by: Lorenzo Fontana <[email protected]>

Co-Authored-By: Leonardo Di Donato <[email protected]>
* [stable/falco] Upgrade to Falco 0.15.1

Signed-off-by: Néstor Salceda <[email protected]>

* Reflect values in README

Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Fix issues with timezone parameter inclusion.

* Add it to values.yaml file
* Add the ChangeLog entry

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Upgrade Falco to 0.15.3

Signed-off-by: Néstor Salceda <[email protected]>
…ation with Falco (#15020)

Signed-off-by: Néstor Salceda <[email protected]>
…_event_drops, time_format_iso8601 and httpOutput (#15361)

* [stable/falco] Add a parameter to use ISO8601 formatted dates

If true, the times displayed in log messages and output messages
will be in ISO 8601. By default, times are displayed in the local
time zone, as governed by /etc/localtime.

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Allow configuration for `syscall_event_drops` in falco.yaml

Falco uses a shared buffer between the kernel and userspace to pass
system call information. When falco detects that this buffer is
full and system calls have been dropped, it can take one or more of
the following actions:
  - "ignore": do nothing. If an empty list is provided, ignore is assumed.
  - "log": log a CRITICAL message noting that the buffer was full.
  - "alert": emit a falco alert noting that the buffer was full.
  - "exit": exit falco with a non-zero rc.

The rate at which log/alert messages are emitted is governed by a
token bucket. The rate corresponds to one message every 30 seconds
with a burst of 10 messages.

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Enable httpOutput section from the configmap

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Add CHANGELOG entry for 0.8.0

This was not done in [its own PR](helm/charts#14813 (comment))

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Bump version and add CHANGELOG entries

Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Allow audit logging with Falco

You can enable it on minikube with the following command:

`helm install --name falco --set falco.webserver.enabled=true --set
falco.webserver.clusterIP=10.96.0.100 stable/falco`

The main problem is that minikube doesn't resolve the service from apiserver,
so that you need to specify the clusterIP.

https://github.com/falcosecurity/falco/blob/dev/examples/k8s_audit_config/README.md

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Apiserver doesn't resolve internal services

That would be a layering violation, so we are going to rely only on
clusterIP, and that parameter is required if we enable the webserver
features.

https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#url

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Document values and upgrade chart version

This is the 1.0.0 version, which means that the Helm chart is feature
complete, in that it provides the same functionality that the daemonset
provides.

It's time to celebrate!

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Add a section in README for explaining K8s audit event support

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Write the README in a more actionable way

Telling all the history about the Falco implementation of Audit Event
rules is a bit useless here. It can be found on the awesome Falco
documentation.

Here I would like to focus a bit more on chart users and show them how
to enable Falco with the audit events feature.

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Add instructions for choosing the clusterIP address

And another option for not recognized resource is that we were using a
K8s version previous to v1.13

Signed-off-by: Néstor Salceda <[email protected]>
farshad-hobsons and others added 13 commits October 9, 2019 12:39
… (#19444)

* [stable/falco] support multiple lines for falco.programOutput.program

Signed-off-by: Naoki Oketani <[email protected]>

* Modify CHANGELOG

Signed-off-by: Naoki Oketani <[email protected]>
…19994)

* [stable/falco] Sync with falcosecurity/falco/integrations manifests

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Upgrade to latest Falco release 0.18.0

Signed-off-by: Néstor Salceda <[email protected]>

* Rename cri with containerD

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Separate AuditLog feature from webserver config

This also allows to deploy the Falco Service to analyze K8s audit events
without the need of deploying the AuditSink. It is more flexible.

Signed-off-by: Néstor Salceda <[email protected]>

* [stable/falco] Prepare new chart release

Signed-off-by: Néstor Salceda <[email protected]>

* Remove clusterIP dependency when using AuditSink

We can rely on K8s DNS mechanism to send logs

Signed-off-by: Néstor Salceda <[email protected]>

* Remove clusterIP references from README

Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] allow gRPC configuration using values

Signed-off-by: Leonardo Grasso <[email protected]>

* [stable/falco] Update CHANGELOG.md

Signed-off-by: Leonardo Grasso <[email protected]>

* [stable/falco] chart version bump

Signed-off-by: Leonardo Grasso <[email protected]>
* Make kernel module dir writable

Signed-off-by: Salvatore Mazzarino <[email protected]>

* Add CHANGELOG

Signed-off-by: Salvatore Mazzarino <[email protected]>
…(#21436)

* [stable/falco] add headless service for falco gRPC server

Signed-off-by: Leonardo Grasso <[email protected]>

* [stable/falco] gRPC certificates configuration

Signed-off-by: Leonardo Grasso <[email protected]>

* [stable/falco] Update CHANGELOG.md and bump version

Signed-off-by: Leonardo Grasso <[email protected]>
* [stable/falco] upgrade agent and rules to 0.21.0

Signed-off-by: Cameron Attard <[email protected]>

* [stable/falco] rename SYSDIG_BPF_PROBE to FALCO_BPF_PROBE

Signed-off-by: Cameron Attard <[email protected]>
Commands run:

(from helm/charts)
git subtree split --prefix stable/falco/
git co <resulting sha>
git co -b falco_split

(from falcosecurity/charts)
git subtree add --prefix falco ../charts falco_split

git-subtree-dir: falco
git-subtree-mainline: 26466a2
git-subtree-split: 5ef70d4
Signed-off-by: Spencer Krum <[email protected]>
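
The token bucket described in the `syscall_event_drops` commit message above (one message every 30 seconds, burst of 10), as an added example: a simplified model written for this page, not code from Falco or the chart. It assumes the bucket starts full; `drop_notifications`, `SUSTAINED` and `SPORADIC` are hypothetical names and the timestamps are constructed.

```python
from fractions import Fraction


def drop_notifications(drop_times, rate=Fraction(1, 30), max_burst=10):
    """Split drop detections into (emitted, suppressed) under a token bucket.

    rate      -- tokens refilled per second (one message every 30 s)
    max_burst -- bucket capacity (burst of 10 messages)
    Assumption of this model: the bucket starts full.
    Fractions keep the refill arithmetic exact (no float drift at t=30).
    """
    tokens = Fraction(max_burst)
    last = None
    emitted, suppressed = [], []
    for now in sorted(drop_times):
        if last is not None:
            # Refill for the elapsed time, never above the burst capacity.
            tokens = min(Fraction(max_burst), tokens + (now - last) * rate)
        last = now
        if tokens >= 1:
            tokens -= 1          # spend one token: a log/alert message goes out
            emitted.append(now)
        else:
            suppressed.append(now)  # buffer was full, but nothing is reported
    return emitted, suppressed


# Constructed input: the buffer is found full once per second for 5 minutes.
SUSTAINED = list(range(300))
# Constructed input: three isolated drops, minutes apart.
SPORADIC = [0, 120, 400]

if __name__ == "__main__":
    for name, times in (("sustained", SUSTAINED), ("sporadic", SPORADIC)):
        out, lost = drop_notifications(times)
        print(f"{name}: {len(times)} detections, {len(out)} messages, "
              f"{len(lost)} suppressed; emitted at {out}")
```

In this model 300 consecutive detections produce 19 messages (the first 10, then one every 30 seconds), so a single drop message in the logs can stand for a long stretch of missed system calls.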
@nibalizer
Contributor Author

This is a reupload of https://github.com/falcosecurity/contrib/pull/15

@krisnova
Contributor

This LGTM! Welcome to the Falco project!

We probably owe the helm community a PR to remove this from their end.

@krisnova krisnova merged commit af1a797 into falcosecurity:master May 18, 2020
Member

@leodido leodido left a comment

LGTM!

@poiana poiana mentioned this pull request Jun 29, 2023